1. Technical Field
The present invention relates generally to managing security policies as protected files (e.g., Web documents) are accessed by a Web browser user from a secure distributed file system.
2. Description of the Related Art
The World Wide Web of the Internet is the most successful distributed application in the history of computing. In the Web environment, client machines effect transactions to Web servers using the Hypertext Transfer Protocol (HTTP), which is a known application protocol providing users access to files (e.g., text, graphics, images, sound, video, etc.) via a standard page description language known as Hypertext Markup Language (HTML). HTML provides basic document formatting and allows the developer to specify xe2x80x9clinksxe2x80x9d to other servers and files. In the Internet paradigm, a network path to a server is identified by a so-called Uniform Resource Locator (URL) having a special syntax for defining a network connection.
Use of an HTML-compatible browser (e.g., Netscape Navigator or Microsoft Internet Explorer) at a client machine involves specification of a link via the URL. In response, the client makes a request to the server identified in the link and receives in return a document formatted, for example, according to HTML.
Many business organizations and other entities now desire to integrate Web transaction processing into their distributed computing environment in which users access distributed resources and process applications. A known distributed computing environment, called DCE, has been implemented using xe2x80x9copenxe2x80x9d software conforming to standards implemented from time-to-time by The Open Group or xe2x80x9cTOGxe2x80x9d (f/k/a the Open Systems Foundation (OSF)). As DCE environments become more popular, many applications have been written and utilized to provide distributed services such as data sharing, printing services and database access. The Open Group DCE includes a distributed file system, called Distributed File Services (DFS), for use in these environments.
DFS provides many advantages over a standalone file server, such as higher availability of data and resources, the ability to share information throughout a very large-scale system, and protection of information by the robust DCE security mechanism. In particular, DFS makes files highly available through replication, making it possible to access a copy of a file if one of the machines where the file is located goes down. DFS also brings together all of the files stored in various file systems in a global namespace. Multiple servers can export their file system to this namespace. All DFS users, in the meantime, share this namespace, making all DFS files readily available from any DFS client machine.
The functionality of existing standalone Web servers in the enterprise environment has been extended to take advantage of the scalability, file availability and security features of DFS (and other similar distributed file systems). As a by-product, users with off-the-shelf browsers are able to easily access the Web information stored in the DFS namespace with no additional software on the client machine. This functionality has been implemented in a Web server plug-in product. The product allows a Web browser user to access documents stored in the Distributed File System (DFS) space of the Distributed Computing Environment (DCE). This is accomplished by enabling the user to log onto the browser with a valid DCE identity and then setting up the Web server with the appropriate DCE credentials to allow the server to access the document on behalf of the Web user.
Because DCE credentials are used to facilitate a Web transaction into DFS, however, there is a possibility that the user""s password may have expired when the user attempts to access a DFS document. Thus, for example, a user may have a valid DCE credential on a given day but then leave his or her machine (with the browser open) running overnight. When the user arrives the next day, however, his or her DCE password may no longer be valid for some reason. Thus, for example, the administrator may not want the Web browser user to access the protected documents in DFS. Nevertheless, DCE takes no explicit action when the user""s password has expired. Thus, the user may still be able to access the documents, which may be unacceptable to some administrators or in certain environments.
This invention addresses the problem of managing password expiration (or other security policy changes) in a system wherein a user of Web browser accesses Web documents stored in a secure distributed file system space.
An object of this invention is to enable a Web browser user to automatically change a password when an invalid password is detected and then to use the new password to access documents in a secure distributed file system space. The technique is preferably implemented in conjunction with a Web server application that accesses a document within the file system space on behalf of the Web browser user.
Another more general object of this invention is to change or enforce a given security policy as a server impersonates a client to obtain access to files stored in a distributed file system space of a distributed computed environment.
Yet another object of this invention is to selectively inhibit a Web browser user having an expired password from accessing documents in a protected distributed file system space.
A more general object of this invention is to change a security policy for an application using a security subprogram that is independent of the application.
Still another more general object of this invention is to monitor a security policy change for a given process during the operation of another process and to selectively direct a user to a mechanism that enables the user to respond to the policy change.
Another object of this invention is to enable an administrator to lock a user out of DCE/DFS functionality from a Web browser until the administrator has an opportunity to renew the account and reset the user""s password.
These and other objects of this invention are provided in various methods, systems and computer program products. Thus, for example, a method for changing a user password according to the present invention is preferably operative as a Web server impersonates a Web client to obtain access to files stored in a distributed file system space of a distributed computing environment. The distributed computing environment typically includes a security service for returning a credential to a user authenticated to access the distributed file system. The present invention provides a mechanism for enabling a user to change his or her password, for example, when the user""s password has expired. The method begins in response to receipt of a Web transaction request from the Web client. At this point, a determination is made regarding whether the user""s password has expired. If so, the mechanism preferably suspends processing of the Web transaction request and then enters a password change subprogram to enable the user to define a new password. Typically, the password change subprogram displays a password change dialog that interacts with the user. Upon definition of the new password by the user, the mechanism resumes processing of the original Web transaction request. Alternatively, the user may be prompted to terminate the original transaction request and select a new URL and/or document.
The mechanism preferably suspends processing of the Web transaction request by saving the user-requested Uniform Resource Locator (URL) in the Web transaction request and then redirecting the user to a URL associated with the password change subprogram. Upon completion of any necessary user interactions with the password change subprogram, the original transaction is resumed, preferably by restoring the user-requested URL back into the Web transaction request. This operation may take place automatically upon definition of the new password. Alternatively, the user may be required to take some given action, e.g., selection of a CONTINUE button or the like, to complete the original transaction.
Although the inventive method is preferably used to change a user""s password during a particular type of Web transaction, namely, as a Web server impersonates the Web client to obtain access to files stored in a distributed file system of a distributed computing environment, the inventive technique has more general applicability. Thus, a more general object of this invention is to provide a method for enforcing or changing a security policy for an application that begins by intercepting a user credential from a client sent to the application. Thereafter, a determination is made regarding whether a revised security policy for the application exists. If so, the method calls or otherwise enters a security subprogram that interacts with the user. Upon satisfactory conclusion of any necessary security interaction, the application is invoked. Because the security subprogram preferably is independent of the application, the revised security policy is imposed without any change in the application. In one preferred embodiment as described above, the intercepting step is performed by a server, such as a middle-tier Web server, and the security subprogram is at a different URL than the application.
The foregoing has outlined some of the more pertinent objects and features of the present invention. These objects should be construed to be merely illustrative of some of the more prominent features and applications of the invention. Many other beneficial results can be attained by applying the disclosed invention in a different manner or modifying the invention as will be described. Accordingly, other objects and a fuller understanding of the invention may be had by referring to the following Detailed Description of the Preferred Embodiment.